diff options
-rw-r--r-- | keystore2/legacykeystore/lib.rs | 5 | ||||
-rw-r--r-- | keystore2/src/database.rs | 5 | ||||
-rw-r--r-- | keystore2/src/operation.rs | 2 | ||||
-rw-r--r-- | keystore2/src/security_level.rs | 5 | ||||
-rw-r--r-- | keystore2/tests/keystore2_client_test_utils.rs | 42 |
5 files changed, 41 insertions, 18 deletions
diff --git a/keystore2/legacykeystore/lib.rs b/keystore2/legacykeystore/lib.rs index f7a81983..db3eff63 100644 --- a/keystore2/legacykeystore/lib.rs +++ b/keystore2/legacykeystore/lib.rs @@ -55,7 +55,7 @@ impl DB { F: Fn(&Transaction) -> Result<T>, { loop { - match self + let result = self .conn .transaction_with_behavior(behavior) .context("In with_transaction.") @@ -63,7 +63,8 @@ impl DB { .and_then(|(result, tx)| { tx.commit().context("In with_transaction: Failed to commit transaction.")?; Ok(result) - }) { + }); + match result { Ok(result) => break Ok(result), Err(e) => { if Self::is_locked_error(&e) { diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs index b526daac..2757313f 100644 --- a/keystore2/src/database.rs +++ b/keystore2/src/database.rs @@ -1467,7 +1467,7 @@ impl KeystoreDB { F: Fn(&Transaction) -> Result<(bool, T)>, { loop { - match self + let result = self .conn .transaction_with_behavior(behavior) .context(ks_err!()) @@ -1475,7 +1475,8 @@ impl KeystoreDB { .and_then(|(result, tx)| { tx.commit().context(ks_err!("Failed to commit transaction."))?; Ok(result) - }) { + }); + match result { Ok(result) => break Ok(result), Err(e) => { if Self::is_locked_error(&e) { diff --git a/keystore2/src/operation.rs b/keystore2/src/operation.rs index eabc1abb..11eaf17a 100644 --- a/keystore2/src/operation.rs +++ b/keystore2/src/operation.rs @@ -290,7 +290,7 @@ impl Operation { // We abort the operation. If there was an error we log it but ignore it. if let Err(e) = map_km_error(self.km_op.abort()) { - log::error!("In prune: KeyMint::abort failed with {:?}.", e); + log::warn!("In prune: KeyMint::abort failed with {:?}.", e); } Ok(()) diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs index 6fb0eb20..5f9745f0 100644 --- a/keystore2/src/security_level.rs +++ b/keystore2/src/security_level.rs @@ -927,7 +927,7 @@ impl KeystoreSecurityLevel { .context(ks_err!("Check permission"))?; let km_dev = &self.keymint; - match { + let res = { let _wp = self.watch_millis( concat!( "In IKeystoreSecurityLevel::convert_storage_key_to_ephemeral: ", @@ -936,7 +936,8 @@ impl KeystoreSecurityLevel { 500, ); map_km_error(km_dev.convertStorageKeyToEphemeral(key_blob)) - } { + }; + match res { Ok(result) => { Ok(EphemeralStorageKeyResponse { ephemeralKey: result, upgradedBlob: None }) } diff --git a/keystore2/tests/keystore2_client_test_utils.rs b/keystore2/tests/keystore2_client_test_utils.rs index f270297c..7534da3a 100644 --- a/keystore2/tests/keystore2_client_test_utils.rs +++ b/keystore2/tests/keystore2_client_test_utils.rs @@ -95,14 +95,11 @@ pub fn skip_device_id_attest_tests() -> bool { // only system update and not vendor update, newly added attestation properties // (ro.product.*_for_attestation) reading logic would not be available for such devices // hence skipping this test for such scenario. - let api_level = std::str::from_utf8(&get_system_prop("ro.board.first_api_level")) - .unwrap() - .parse::<i32>() - .unwrap(); + // This file is only present on GSI builds. - let path_buf = PathBuf::from("/system/system_ext/etc/init/init.gsi.rc"); + let gsi_marker = PathBuf::from("/system/system_ext/etc/init/init.gsi.rc"); - api_level < 34 && path_buf.as_path().is_file() + get_vsr_api_level() < 34 && gsi_marker.as_path().is_file() } #[macro_export] @@ -514,15 +511,38 @@ pub fn get_system_prop(name: &str) -> Vec<u8> { } } +fn get_integer_system_prop(name: &str) -> Option<i32> { + let val = get_system_prop(name); + if val.is_empty() { + return None; + } + let val = std::str::from_utf8(&val).ok()?; + val.parse::<i32>().ok() +} + +pub fn get_vsr_api_level() -> i32 { + if let Some(api_level) = get_integer_system_prop("ro.vendor.api_level") { + return api_level; + } + + let vendor_api_level = get_integer_system_prop("ro.board.api_level") + .or_else(|| get_integer_system_prop("ro.board.first_api_level")); + let product_api_level = get_integer_system_prop("ro.product.first_api_level") + .or_else(|| get_integer_system_prop("ro.build.version.sdk")); + + match (vendor_api_level, product_api_level) { + (Some(v), Some(p)) => std::cmp::min(v, p), + (Some(v), None) => v, + (None, Some(p)) => p, + _ => panic!("Could not determine VSR API level"), + } +} + /// Determines whether the SECOND-IMEI can be used as device attest-id. pub fn is_second_imei_id_attestation_required( keystore2: &binder::Strong<dyn IKeystoreService>, ) -> bool { - let api_level = std::str::from_utf8(&get_system_prop("ro.vendor.api_level")) - .unwrap() - .parse::<i32>() - .unwrap(); - keystore2.getInterfaceVersion().unwrap() >= 3 && api_level > 33 + keystore2.getInterfaceVersion().unwrap() >= 3 && get_vsr_api_level() > 33 } /// Run a service command and collect the output. |